Transaction/Operations risk arises from fraud, processing
errors, system disruptions, or other unanticipated events resulting
in the institution's inability to deliver products or services.
This risk exists in each product and service offered. The level of
transaction risk is affected by the structure of the institution's
processing environment, including the types of services offered and
the complexity of the processes and supporting technology.

In most instances, e-banking activities will increase the
complexity of the institution's activities and the quantity of its
transaction/operations risk, especially if the institution is
offering innovative services that have not been standardized. Since
customers expect e-banking services to be available 24 hours a day,
7 days a week, financial institutions should ensure their e-banking
infrastructures contain sufficient capacity and redundancy to
ensure reliable service availability. Even institutions that do not
consider e-banking a critical financial service due to the
availability of alternate processing channels, should carefully
consider customer expectations and the potential impact of service
disruptions on customer satisfaction and loyalty.

The key to controlling transaction risk lies in adapting
effective polices, procedures, and controls to meet the new risk
exposures introduced by e-banking. Basic internal controls
including segregation of duties, dual controls, and reconcilements
remain important. Information security controls, in particular,
become more significant requiring additional processes, tools,
expertise, and testing. Institutions should determine the
appropriate level of security controls based on their assessment of
the sensitivity of the information to the customer and to the
institution and on the institution's established risk tolerance
level. Security controls are discussed in this booklet's "Risk
Management of E-Banking Activities" section under the heading
"Information Security Program."